M5: OS and web security - C.9 Flashcards
What is the main protocol for data transfer between web browsers and servers?
HTTP (Hypertext Transfer Protocol).
What does HTTPS stand for?
HTTP Secure.
What is the purpose of the Domain Name System (DNS)?
To define a scheme of hierarchical domain names and translate them into IP addresses.
What is a URL?
A Uniform Resource Locator, which specifies the source locations of files and web pages.
What is the role of HTML in web pages?
HTML (Hypertext Markup Language) is used to format and display content on web pages.
What is JavaScript used for in HTML documents?
To execute code that manipulates the displayed page and underlying document object.
What is the Same-Origin Policy (SOP)?
A security measure that isolates documents from different origins to prevent interference.
What is a cookie in the context of web browsing?
A small data string passed from a server to a client, used to retain state across HTTP requests.
What is a session cookie?
A cookie stored in browser memory that is deleted after the window closes.
What does the Secure attribute in a cookie do?
Ensures the cookie is only sent over HTTPS, not HTTP.
What is Cross-Site Scripting (XSS)?
An attack where malicious scripts are injected into trusted websites.
What is SQL Injection?
An attack that involves inserting malicious SQL queries into input fields to manipulate databases.
What is Cross-Site Request Forgery (CSRF)?
An attack that tricks a user into performing actions on a different site without their knowledge.
What is the purpose of the HTTP Referer header?
To hold the URL of the page from which a request was made.
What is an HTTP proxy?
An intermediary server that negotiates access to endpoint server resources and relays responses.
What is the CONNECT method in HTTP?
A method used to set up a TCP connection to a server and relay encrypted data.
What is the main goal of TLS (Transport Layer Security)?
To provide a secure channel between two endpoints.
What is a pre-shared key (PSK) in TLS?
A long-term secret used for key establishment in TLS connections.
What is the purpose of the TLS handshake?
To establish cryptographic parameters and authenticate the server to the client.
What is the Record Layer in TLS?
The layer that protects application data using negotiated parameters.
What is the DOM (Document Object Model)?
A hierarchical structure representing an HTML document, used to access and manipulate web page content.
What is the window.location property in the DOM?
It represents the URL of the document displayed in the window.
What is the purpose of the Path attribute in a cookie?
To control which origin server pages a cookie is returned to.
What is the HttpOnly attribute in a cookie?
It makes the cookie accessible only through HTTP, not via JavaScript.
What is the main function of a web form in HTML?
To solicit user input and send it to a server via an HTTP request.
What is the purpose of the meta refresh tag in HTML?
To redirect the browser to a new URL after a specified time.
What is the purpose of the Location header in an HTTP response?
To specify the target URL for redirection.
What is the main security concern with HTTP proxies?
They can be used for middle-person attacks if not trustworthy.
What is the main difference between HTTP and HTTPS?
HTTPS uses TLS to encrypt data, providing a secure channel.
What is the main challenge with providing meaningful security indicators to users?
Making them intuitive and simple to avoid dangerous errors.